AADUser: Add support for MemberOf #3825
Conversation
|
Thanks for the PR. I am trying to understand the scenario here and why this wouldn't already be covered by the Members property of the AADGroup resource. I am concerned that we could run into cases where membership is defined both at the user and group levels and if these differ, we will be running into endless configuration loops. e.g., AADUser John AADGroup GroupA AADGroup GroupB |
|
Basically it's a matter of choice. We're mostly using group-based licensing and recently I've begun preparing for 'pre-staging' resource-accounts for Teams Rooms and here I want to ensure that the account is made a member of the security-group that provides the correct license without at the same time maintaining a list of which accounts are members of the specific group. Perhaps the examples should be clear in that regard, for instance by saying that use of AADUSer.MemberOf may collide with use of AADGroup.Member - something that the examples for AADGroup should also mention. |
|
I've updated the changelog but now there's a conflict that I just can't see. |
|
Phew. Some ugly trial-error rebasing seems to have solved the issue |
|
PS You have the same 'conflict' within AADGroup where it's possible to specify Members AND MemberOf. When a group that is included elsewhere in another Group's MemberOf is configured with Members and the list doesn't contain that group - what then? My take is that if you want to control total membership of a group you use AADGroup -> Members. |
This reverts commit 8c36e1a.
|
PS I haven't updated the changelog - yet. When you're ready to approve, let me know and I'll include it in the PR |
|
Ah. I accidentally closed the PR. That wasn't my intention |
Pull Request (PR) description
AADUser: Adds support for property MemberOf
This Pull Request (PR) fixes the following issues
Fixes #3820